Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A network communication device comprising: a packet generator to generate a packet including data for a remote communication device and a header that includes an identifier to identify a type of communication service for the data, wherein the type is an internet protocol multimedia subsystem service, a voice over internet protocol service, a hypertext transport protocol service, or a peer-to-peer service; and a transmitter to transmit, over a secure internet protocol tunnel, the packet via a flow restriction device to the remote communication device, wherein the identifier is to enable the flow restriction device to determine the type of communication service for which the secure internet protocol tunnel is established and either prevent or allow transmission of the packet through the secure internet protocol tunnel to the remote communication device based on the type of communication service, wherein the packet comprises an encapsulating security payload header and a portion of the packet before the encapsulating security payload header comprises the identifier.
A network communication device sends data to another device using a secure tunnel. The device creates a packet that contains the data and a header. The header includes an identifier that specifies the type of communication service (like video calls, voice calls, web browsing, or file sharing). The device transmits the packet through a flow restriction device (like a firewall) using a secure internet protocol tunnel. The identifier lets the flow restriction device know the type of communication service using the secure tunnel, so it can either block or allow the packet based on that service type. The packet uses Encapsulating Security Payload (ESP) for security, and the identifier is placed *before* the ESP header within the packet.
2. The network communication device of claim 1, wherein the packet comprises an internet protocol security packet.
The network communication device as described above uses an Internet Protocol Security (IPsec) packet for secure communication. In other words, the secure internet protocol tunnel mentioned previously is specifically an IPsec tunnel, providing encryption and authentication for the data transmitted.
3. A flow restriction device comprising: a receiver to receive data being transmitted from a first communication device to a second communication device, wherein the data include an indicator that identifies a type of communication service for the data, and wherein the type is an internet protocol multimedia subsystem service, a voice over internet protocol service, a hypertext transport protocol service, or a peer-to-peer service; an indication extraction circuit to extract the indicator from the data; and a filter to either prevent or allow transmission of the data to the second communication device based on the type of communication service identified by the indicator, wherein the data comprises an encapsulating security payload packet having an encapsulating security payload header and a portion of the encapsulating security payload packet before the encapsulating security payload header comprises the indicator.
A flow restriction device (like a firewall) monitors data sent between two communication devices. It receives data that includes an indicator specifying the type of communication service (video calls, voice calls, web browsing, or file sharing). An indication extraction circuit pulls out this indicator. Based on the communication service type identified by the indicator, a filter either blocks or allows the data to reach the destination device. The data is structured as an Encapsulating Security Payload (ESP) packet, which contains an ESP header. The indicator of the service type is placed *before* the ESP header within the packet.
4. The flow restriction device of claim 3, wherein the data comprises a message for initiation of a communication session with the second communication device.
The flow restriction device described above receives data that is a message initiating a new communication session between two devices. Essentially, the data being inspected is part of the handshake or setup process for establishing a connection. The flow restriction device uses the communication service identifier in this initiation message to decide whether to allow or block the connection.
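The filter of claims 3 and 4, as an added sketch that is not taken from the patent: it reads a service identifier from the cleartext bytes ahead of the ESP header and allows or drops the packet without touching the encrypted payload. The claims define no wire encoding, so carrying the identifier in the outer IPv4 DSCP bits, the code points in `SERVICE_BY_ID`, the `ALLOWED` policy and the sample packet builder are all assumptions made for illustration.

```python
import struct

ESP_PROTO = 50  # IANA protocol number for ESP

# Hypothetical code points; the claims name the service types but no encoding.
SERVICE_BY_ID = {1: "ims", 2: "voip", 3: "http", 4: "p2p"}
ALLOWED = {"ims", "voip"}  # constructed local policy


def classify(packet: bytes):
    """Return (service, spi) for an IPv4/ESP packet; raise ValueError otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    if ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("truncated IP or ESP header")
    if packet[9] != ESP_PROTO:
        raise ValueError("next protocol is not ESP")
    # Assumption: the identifier is the 6 DSCP bits of the outer header,
    # i.e. a portion of the packet that precedes the ESP header.
    ident = packet[1] >> 2
    # ESP header: 32-bit SPI, 32-bit sequence number; the rest is ciphertext.
    spi, _seq = struct.unpack_from("!II", packet, ihl)
    return SERVICE_BY_ID.get(ident), spi


def decide(packet: bytes) -> str:
    """Filter step: allow only services named in the policy."""
    try:
        service, _spi = classify(packet)
    except ValueError:
        return "drop"
    # Bytes before the ESP header are outside ESP's integrity check, so the
    # identifier is only a hint: unknown or missing values are dropped.
    return "allow" if service in ALLOWED else "drop"


def build_sample(ident: int, proto: int = ESP_PROTO) -> bytes:
    """Constructed IPv4+ESP packet (checksum left zero, payload is filler)."""
    payload = b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, ident << 2, 28 + len(payload),
                     0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + struct.pack("!II", 0x1000, 1) + payload
```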
September 5, 2017